Lucene search
+L

159 matches found

nuclei
nuclei
added 7 hours ago7 views

WP Travel Engine <= 5.7.9 - SQL Injection

WP Travel Engine 5.7.9 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2024-30502 info: name: WP Travel Engine = 5.7.9 - SQL Injection...

9.8CVSS7.2AI score0.02267EPSS
Exploits0References4
nvd
nvd
added 2026/07/07 6:16 a.m.9 views

CVE-2026-10834

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

4.6CVSS0.00142EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/07 6:0 a.m.36 views

CVE-2026-10834 WP Travel Engine < 6.8.1 - Subscriber+ Arbitrary Media File Move via user_profile_image

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

0.00142EPSS
Exploits0References1
euvd
euvd
added 2026/07/07 6:0 a.m.7 views

EUVD-2026-42010

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

6AI score0.00142EPSS
Exploits0References1
cve
cve
added 2026/07/07 6:0 a.m.18 views

CVE-2026-10834

The CVE covers the WP Travel Engine WordPress plugin (pre-6.8.1) where input validation for a user-supplied profile image path is insufficient before the file is moved. The vulnerability allows authenticated users with subscriber-level access or higher to relocate arbitrary files within the WordP...

4.6CVSS6AI score0.00142EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.9 views

PT-2026-56146

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.8.1 Description Authenticated users with subscriber-level access and above can relocate arbitrary files within the WordPress uploads directory into their own profile-image path. This occurs because the plug...

4.6CVSS6.2AI score0.00142EPSS
Exploits0References5
nvd
nvd
added 2026/06/15 9:17 p.m.12 views

CVE-2026-49770

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS0.00383EPSS
Exploits0References1
nvd
nvd
added 2026/06/15 9:17 p.m.12 views

CVE-2026-49078

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

7.5CVSS0.00252EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/15 8:19 p.m.31 views

CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS0.00383EPSS
Exploits0References1
cve
cve
added 2026/06/15 8:19 p.m.24 views

CVE-2026-49770

CVE-2026-49770 affects the WordPress WP Travel Engine plugin (

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
euvd
euvd
added 2026/06/15 8:19 p.m.11 views

EUVD-2026-36893

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:19 p.m.7 views

CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:19 p.m.8 views

CVE-2026-49078 WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

7.5CVSS5.2AI score0.00252EPSS
Exploits0References1
cve
cve
added 2026/06/15 8:19 p.m.27 views

CVE-2026-49078

Technical details for CVE-2026-49078 are not publicly available in the provided documents. Monitor updates from Patchstack/CVE entries for affected version 6.7.10 and potential fixes.

7.5CVSS5.2AI score0.00252EPSS
Exploits0References1
euvd
euvd
added 2026/06/15 8:19 p.m.10 views

EUVD-2026-36877

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

7.5CVSS5.2AI score0.00252EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/15 8:19 p.m.30 views

CVE-2026-49078 WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

7.5CVSS0.00252EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.14 views

PT-2026-49343

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.7.13 Description An unauthenticated PHP Object Injection exists in the software. PHP Object Injection occurs when user-supplied input is passed to the PHP unserialize function without proper validation,...

9.8CVSS5.8AI score0.00383EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/14 12:0 a.m.14 views

PT-2026-49169

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.7.11 Description An unauthenticated issue exists in the WP Travel Engine plugin that allows for an unspecified vulnerability type to be exploited without requiring user authentication. Recommendations Updat...

7.5CVSS5.2AI score0.00252EPSS
Exploits0References3
patchstack
patchstack
added 2026/06/05 9:30 a.m.9 views

WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by dodoh4t in WordPress Plugin WP Travel Engine versions = 6.7.10...

7.5CVSS5.5AI score0.00252EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2026/06/04 1:26 p.m.12 views

WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin WP Travel Engine versions = 6.7.12...

9.8CVSS5.5AI score0.00383EPSS
Exploits0Affected Software1
Rows per page
Query Builder